Tuesday, February 7, 2012

It looks like the hackers that lifted source code from Symantec’s servers back in 2006 have kept their promise to release the stolen source code to the public.

According to an email exchange posted on Pastebin on Monday, a hacker going by the handle “Yamatough” had been communicating with a purported Symantec employee by the name of Sam Thomas in hopes of getting a $50,000 payday as long as he agreed not to release the stolen pcAnywhere and Norton Antivirus source code.

Unfortunately, negotiations that started back in mid-January eventually broke down and Yamatough fired off his final threat to release the source code if Symantec didn’t agree to hand over 50 grand within 10 minutes:

Since no code yet being released and our email communication wasn’t also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it

Thomas replied, saying they couldn’t make a decision in 10 minutes and more time was needed.

Shortly thereafter, Yamatough took to Twitter to apologize to his followers for his silence, filled them in on the offer from Symantec and said the stolen source code was up for sale.

The AnonymousIRC channel helped get the word out by tweeting that the stolen Symantec source code would be published soon:

https://twitter.com/#!/AnonymousIRC/status/166676746689716226

Hours later, a 1.27GB RAR file named "Symantec's pcAnywhere Leaked Source Code" appeared on PirateBay and @AnonymousIRC posted a tweet advertising the link:

https://twitter.com/#!/anonymousirc/status/166744502315388930

What's Symantec's Response?

Symantec has confirmed the extortion attempt and released the following statement:

In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

Update 2:22 PM: Symantec has also confirmed that the pcAnywhere source code posted on Pirate Bay is legitimate:

We can confirm that the source code is legitimate. It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to have been in possession during the last few weeks.